feat(nubus): Update chart to version 0.37.0-pre-jtorres-ox-extensions-to-data-loader

feat(nubus): Update chart to version 0.34.0-pre-jtorres-ox-extensions-to-data-loader
2025-12-08 00:11:38 +01:00 · 2024-08-19 11:24:31 +00:00 · 2024-08-14 14:01:23 +00:00
10 changed files with 109 additions and 142 deletions
--- a/README.md
+++ b/README.md
@@ -36,7 +36,7 @@ openDesk currently features the following functional main components:
 | Groupware            | OX App Suite                | [8.26](https://documentation.open-xchange.com/appsuite/releases/8.26/)                | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
 | Knowledge management | XWiki                       | [16.4.1](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.1/)        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
 | Portal & IAM         | Nubus                       | Product Preview[^1]                                                                   | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
-| Project management   | OpenProject                 | [14.4.0](https://www.openproject.org/docs/release-notes/14-4-0/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
+| Project management   | OpenProject                 | [14.3.0](https://www.openproject.org/docs/release-notes/14-3-0/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
 | Videoconferencing    | Jitsi                       | [2.0.9646](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9646) | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |
 | Weboffice            | Collabora                   | [24.04.6.1.1](https://www.collaboraoffice.com/code-24-04-release-notes/)              | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |

--- a/docs/debugging.md
+++ b/docs/debugging.md
@@ -52,7 +52,7 @@ Below you will find some wrap-up notes when it comes to debugging openDesk by ad

 You can add a container by editing and updating an existing deployment, which is quite comfortable with tools like [Lens](https://k8slens.dev/).

- Select the container you want to make use of as debugging container, in the example below it is `registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:latest`.
+- Select the container you want to make use of as debugging container, in the example below it's `registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:latest`.
 - Ensure the `shareProcessNamespace` option is enabled for the Pod.
 - Reference the selected container within the `containers` array of the deployment.
 - In case you want to access another containers filesystem, ensure the user/group settings of both containers match.
@@ -121,7 +121,7 @@ Now you can add the ephemeral container with:
 ```
 kubectl -n ${NAMESPACE} debug -it --attach=false -c ${EPH_CONTAINER_NAME} --image={DEBUG_IMAGE} ${POD_NAME}
 ```
-and open its interactive terminal with
+and open it's interactive terminal with
 ```
 kubectl -n ${NAMESPACE} attach -it -c ${EPH_CONTAINER_NAME} ${POD_NAME}
 ```
--- a/docs/enhanced-configuration/separate-mail-matrix-domain.md
+++ b/docs/enhanced-configuration/separate-mail-matrix-domain.md
@@ -77,7 +77,7 @@ The following changes apply to the standard DNS:

 #### Content Security Policy

-The webserver of `my_organization.tld` should add `*.opendesk.domain.tld` to its CSP header.
+The webserver of `my_organization.tld` should add `*.opendesk.domain.tld` to it's CSP header.

 #### .well-known

--- a/docs/requirements.md
+++ b/docs/requirements.md
@@ -39,8 +39,6 @@ The following minimal requirements are thought for initial evaluation deployment
 | RAM  | 32 GB, more recommended                               |
 | Disk | HDD or SSD, >10 GB                                    |

-Check [`scaling.md`](./scaling.md) for more details on resource requirements and scalability.
-
 # Kubernetes

 Any self-hosted or managed K8s cluster >= 1.24 listed in
--- a/docs/scaling.md
+++ b/docs/scaling.md
@@ -7,17 +7,55 @@ SPDX-License-Identifier: Apache-2.0

 This document should cover the abilities to scale apps.

-# Horizontal scalability
+<!-- TOC -->
+* [Replicas](#replicas)
+<!-- TOC -->

-We are working on generating this document automatically based on the file
-[`replicas.yaml`](../helmfile/environments/default/replicas.yaml) that contains necessary annotations.
-In the meantime this file can be used to check the components scaling support / capabilities.
+# Replicas

-# Upstream information
+The Replicas can be increased of almost any component, but is only effective for high-availability or load-balancing for
+apps with a check-mark in `Scaling (effective)` column.

-While scaling services horizontally is the ideal solution, information about vertical scaling is helpful
-when it comes to defining the applications resources, see [`resources.yaml`](../helmfile/environments/default/resources.yaml) for references.
+Verified positive effects are marked with a check-mark in `Scaling (verified)` column, apps which are not yet tested are
+marked with a gear.

-Please find below links to the application's upstream resources about scaling:

- [OpenProject system requirements](https://www.openproject.org/docs/installation-and-operations/system-requirements/)
+| Component                   | Name                                     | Scaling (effective) | Scaling (verified) |
+|-----------------------------|------------------------------------------|:-------------------:|:------------------:|
+| ClamAV                      | `replicas.clamav`                        | :white_check_mark:  | :white_check_mark: |
+|                             | `replicas.clamd`                         | :white_check_mark:  | :white_check_mark: |
+|                             | `replicas.freshclam`                     |         :x:         |        :x:         |
+|                             | `replicas.icap`                          | :white_check_mark:  | :white_check_mark: |
+|                             | `replicas.milter`                        | :white_check_mark:  | :white_check_mark: |
+| Collabora                   | `replicas.collabora`                     | :white_check_mark:  |       :gear:       |
+| CryptPad                    | `replicas.cryptpad`                      | :white_check_mark:  |       :gear:       |
+| Dovecot                     | `replicas.dovecot`                       |         :x:         |       :gear:       |
+| Element                     | `replicas.element`                       | :white_check_mark:  | :white_check_mark: |
+|                             | `replicas.matrixNeoBoardWidget`          | :white_check_mark:  |       :gear:       |
+|                             | `replicas.matrixNeoChoiceWidget`         | :white_check_mark:  |       :gear:       |
+|                             | `replicas.matrixNeoDateFixBot`           | :white_check_mark:  |       :gear:       |
+|                             | `replicas.matrixNeoDateFixWidget`        | :white_check_mark:  |       :gear:       |
+|                             | `replicas.matrixUserVerificationService` | :white_check_mark:  |       :gear:       |
+|                             | `replicas.synapse`                       |         :x:         |       :gear:       |
+|                             | `replicas.synapseWeb`                    | :white_check_mark:  | :white_check_mark: |
+|                             | `replicas.wellKnown`                     | :white_check_mark:  | :white_check_mark: |
+| Intercom Service            | `replicas.intercomService`               | :white_check_mark:  | :white_check_mark: |
+| Jitsi                       | `replicas.jibri`                         | :white_check_mark:  |       :gear:       |
+|                             | `replicas.jicofo`                        | :white_check_mark:  |       :gear:       |
+|                             | `replicas.jitsi `                        | :white_check_mark:  |       :gear:       |
+|                             | `replicas.jitsiKeycloakAdapter`          | :white_check_mark:  |       :gear:       |
+|                             | `replicas.jvb `                          |         :x:         |        :x:         |
+| Keycloak                    | `replicas.keycloak`                      | :white_check_mark:  | :white_check_mark: |
+| Memcached                   | `replicas.memcached`                     |       :gear:        |       :gear:       |
+| Minio                       | `replicas.minioDistributed`              | :white_check_mark:  | :white_check_mark: |
+| Nextcloud                   | `replicas.nextcloudApache2`              | :white_check_mark:  | :white_check_mark: |
+|                             | `replicas.nextcloudExporter`             | :white_check_mark:  | :white_check_mark: |
+|                             | `replicas.nextcloudPHP`                  | :white_check_mark:  | :white_check_mark: |
+| OpenProject                 | `replicas.openproject`                   | :white_check_mark:  | :white_check_mark: |
+| Postfix                     | `replicas.postfix`                       |         :x:         |       :gear:       |
+| Redis                       | `replicas.redis`                         |       :gear:        |       :gear:       |
+| Univention Management Stack |                                          |       :gear:        |       :gear:       |
+|                             | `replicas.umsPortalFrontend`             | :white_check_mark:  | :white_check_mark: |
+|                             | `replicas.umsPortalServer`               | :white_check_mark:  | :white_check_mark: |
+|                             | `replicas.umsUdmRestApi`                 | :white_check_mark:  | :white_check_mark: |
+| XWiki                       | `replicas.xwiki`                         |         :x:         |       :gear:       |
--- a/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
@@ -19,7 +19,7 @@ nubusKeycloakExtensions:
        registry: {{ .Values.images.nubusKeycloakExtensionHandler.registry }}
        repository: {{ .Values.images.nubusKeycloakExtensionHandler.repository }}
        tag: {{ .Values.images.nubusKeycloakExtensionHandler.tag }}
-
+    
    proxy:
      image:
        registry: {{ .Values.images.nubusKeycloakExtensionProxy.registry }}
@@ -40,7 +40,7 @@ nubusLdapServer:
      tag: {{ .Values.images.nubusLdapServer.tag }}
  dhInitcontainer:
    image:
-      registry: {{ .Values.images.nubusLdapServerDhInitContainer.registry }}
+      registry: {{ .Values.images.nubusLdapServerDhInitContainer.registry }} 
      repository: {{ .Values.images.nubusLdapServerDhInitContainer.repository }}
      tag: {{ .Values.images.nubusLdapServerDhInitContainer.tag }}
  waitForDependency:
@@ -48,7 +48,7 @@ nubusLdapServer:
      registry: {{ .Values.images.nubusWaitForDependency.registry }}
      repository: {{ .Values.images.nubusWaitForDependency.repository }}
      tag: {{ .Values.images.nubusWaitForDependency.tag }}
-
+      

 nubusPortalConsumer:
  portalConsumer:
@@ -56,7 +56,7 @@ nubusPortalConsumer:
      registry: {{ .Values.images.nubusPortalConsumer.registry }}
      repository: {{ .Values.images.nubusPortalConsumer.repository }}
      tag: {{ .Values.images.nubusPortalConsumer.tag }}
-
+      

 nubusNotificationsApi:
  image:
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -200,7 +200,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
    name: "opendesk-migrations"
-    version: "1.2.2"
+    version: "1.2.1"
    verify: true
  minio:
    # providerCategory: "Community"
@@ -254,7 +254,7 @@ charts:
    registry: "artifacts.software-univention.de"
    repository: "nubus-dev/charts"
    name: "nubus"
-    version: "0.36.0-pre-jbornhold-update-stack-data"
+    version: "0.37.0-pre-jtorres-ox-extensions-to-data-loader"
    verify: true
  opendeskKeycloakBootstrap:
    # providerCategory: "Platform"
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -207,7 +207,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
-    tag: "1.2.1@sha256:241561c51dee3ccd4d54cf732020634291f124025946e6be983f850bbf4eb1d3"
+    tag: "1.2.0@sha256:42ebe655680466fd4b1647719752f1a4e7482eb2bc44abff806c4ac69fcda3e8"
  milter:
    # providerCategory: "Community"
    # providerResponsible: "openDesk"
@@ -225,7 +225,7 @@ images:
    # repository: "bitnami/minio"
    registry: "docker.io"
    repository: "bitnami/minio"
-    tag: "2024.8.17-debian-12-r0"
+    tag: "2024.8.3-debian-12-r1"
  nextcloudApache2:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
@@ -269,7 +269,7 @@ images:
    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
    registry: "artifacts.software-univention.de"
    repository: "nubus/images/data-loader"
-    tag: "0.60.1@sha256:fc658d98f3611bbc793eecdab4f4668d4648f45047d60c92bde9ee642568f701"
+    tag: "0.61.0@sha256:598e9fa176c71a6da90ab200ca52abd88176c8cb22a1bf56fec9cd0daf58f58f"
  nubusGuardianAuthorizationApi:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -372,8 +372,8 @@ images:
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "8", "2"]
    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/platform-development/images/temp-nubus-ldap-2.5-upgrade"
-    tag: "1.1.20@sha256:90f46b8817fa05e6e3ac3b2f053911198675805fb82db8240bfa41239d7e7c61"
+    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
+    tag: "0.17.1@sha256:5b7b629b9655c7bb2857013f3399cefe5bdd3963d568bbf77d6d488c005e3b3b"
  nubusLdapServerDhInitContainer:
    # providerCategory: 'Community'
    # providerResponsible: 'Univention'
@@ -433,9 +433,11 @@ images:
    # upstreamRepository: "nubus/images/ox-extension"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "10", "0"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
-    tag: "0.10.0@sha256:f6f32ce0486594eca9c8682b10f60e9d174a526d5acd2ba4d0abcb8f522539b9"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/ox-extension"
+    tag: "0.11.0"
  nubusPortalConsumer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -623,7 +625,7 @@ images:
    # upstreamMirrorStartFrom: ["13", "1", "1"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
-    tag: "14.4.0@sha256:0c1ee5467b5c7888f38eae88a712c2eec6c96995b85f09e0c27705c09f450a70"
+    tag: "14.3.0@sha256:922621b394c1a60e1c427b866284ac636b35717f03bde89302131ad369fbf9ad"
  openprojectBootstrap:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
--- a/helmfile/environments/default/replicas.yaml
+++ b/helmfile/environments/default/replicas.yaml
@@ -1,138 +1,62 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
-# This file contains annotations to (later) generate parts of "docs/scaling.md".
-# When adding new components in here, do not forget to add them as well to
-# `../test/values.yaml.gotmpl` to ensure their linting coverage.
+# Before increasing the replicas of components, please consult the scaling documentation at "docs/scaling.md" to ensure
+# that scaling of the respective component is possible and has the desired effect.
 replicas:
-  # -- component: Antivirus (ClamAV)
-  # -- scalable: true
-  # -- comment: clamav-simple - supports `ReadWriteOnce` PVCs.
+  # clamav-simple
  clamav: 1
-  # -- scalable: true
-  # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
+  # clamav-distributed
  clamd: 1
-  # -- scalable: true
-  # -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files centrally an should be a singleton.
-  freshclam: 1
-  # -- scalable: true
-  # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
-  icap: 1
-  # -- scalable: true
-  # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
-  milter: 1
-
-  # -- component: Weboffice (Collabora)
-  # -- scalable: true
  collabora: 1
-
-  # -- component: Pad (CryptPad)
-  # -- scalable: false
  cryptpad: 1
-
-  # -- component: Groupware (OX AppSuite, OX Dovecot etc.)
-  # -- scalable: false
-  # -- comment: Scalable in openDesk Enterprise only
  dovecot: 1
-  # -- scalable: false
-  postfix: 1
-
-  # -- component: Chat (Element, Synapse)
-  # -- scalable: true
  element: 1
-  # -- scalable: tbd
-  matrixNeoBoardWidget: 1
-  # -- scalable: tbd
-  matrixNeoChoiceWidget: 1
-  # -- scalable: tbd
-  matrixNeoDateFixBot: 1
-  # -- scalable: tbd
-  matrixNeoDateFixWidget: 1
-  # -- scalable: tbd
-  matrixUserVerificationService: 1
-  # -- scalable: tbd
-  synapse: 1
-  # -- scalable: true
-  synapseWeb: 1
-  # -- scalable: true
-  wellKnown: 1
-
-  # -- component: IAM (Nubus)
-  # -- scalable: true
+  # clamav-distributed
+  freshclam: 1
+  # clamav-distributed
+  icap: 1
  intercomService: 1
-  # -- scalable: true
-  keycloak: 1
-  # -- scalable: false
-  # -- comment: Will be removed soon.
-  oxConnector: 1
-  # -- scalable: false
-  # -- comment: Should not be scaled, is an async process.
-  umsKeycloakExtensionsHandler: 1
-  # -- scalable: true
-  umsKeycloakExtensionsProxy: 1
-  # -- scalable: tbd
-  umsLdapNotifier: 1
-  # -- scalable: tbd
-  umsLdapServer: 1
-  # -- scalable: tbd
-  umsNotificationsApi: 1
-  # -- scalable: true
-  umsPortalFrontend: 1
-  # -- scalable: tbd
-  umsPortalListener: 1
-  # -- scalable: true
-  umsPortalServer: 1
-  # -- scalable: tbd
-  umsSelfserviceListener: 1
-  # -- scalable: tbd
-  umsStackGateway: 1
-  # -- scalable: true
-  umsUdmRestApi: 1
-  # -- scalable: tbd
-  umsUmcGateway: 1
-  # -- scalable: tbd
-  umsUmcServer: 1
-
-  # -- component: Video conference (Jitsi)
-  # -- scalable: tbd
  jibri: 1
-  # -- scalable: tbd
  jicofo: 1
-  # -- scalable: tbd
  jitsi: 1
-  # -- scalable: tbd
  jitsiKeycloakAdapter: 1
-  # -- scalable: tbd
  jvb: 1
-
-  # -- component: Persistence Layer
-  # -- scalable: false
+  keycloak: 1
  mariadb: 1
-  # -- scalable: false
+  matrixNeoBoardWidget: 1
+  matrixNeoChoiceWidget: 1
+  matrixNeoDateFixBot: 1
+  matrixNeoDateFixWidget: 1
+  matrixUserVerificationService: 1
  memcached: 1
-  # -- scalable: true
+  # clamav-distributed
+  milter: 1
  minio: 1
-  # -- scalable: false
-  postgres: 1
-  # -- scalable: tbd
-  redis: 1
-
-  # -- component: Filestore (Nextcloud)
-  # -- scalable: true
  nextcloudApache2: 1
-  # -- scalable: true
  nextcloudExporter: 1
-  # -- scalable: true
  nextcloudPHP: 1
-
-  # -- component: Project management (OpenProject)
-  # -- scalable: true
  openprojectWeb: 1
-  # -- scalable: tdb
-  # -- comment: Async process that usually has no need for scaling
  openprojectWorker: 1
-
-  # -- component: Knowledge management (XWiki)
-  # -- scalable: false
+  oxConnector: 1
+  postfix: 1
+  postgres: 1
+  redis: 1
+  synapse: 1
+  synapseWeb: 1
+  umsKeycloakExtensionsHandler: 1
+  umsKeycloakExtensionsProxy: 1
+  umsLdapNotifier: 1
+  umsLdapServer: 1
+  umsNotificationsApi: 1
+  umsPortalFrontend: 1
+  umsPortalListener: 1
+  umsPortalServer: 1
+  umsSelfserviceListener: 1
+  umsStackGateway: 1
+  umsUdmRestApi: 1
+  umsUmcGateway: 1
+  umsUmcServer: 1
+  wellKnown: 1
  xwiki: 1
 ...
--- a/helmfile/environments/test/values.yaml.gotmpl
+++ b/helmfile/environments/test/values.yaml.gotmpl
@@ -35,13 +35,17 @@ ingress:
    enabled: true
    secretName: "kyverno-tls"
 replicas:
+  # clamav-simple
  clamav: 42
+  # clamav-distributed
  clamd: 42
  collabora: 42
  cryptpad: 42
  dovecot: 42
  element: 42
+  # clamav-distributed
  freshclam: 42
+  # clamav-distributed
  icap: 42
  intercomService: 42
  jibri: 42
@@ -57,6 +61,7 @@ replicas:
  matrixNeoDateFixWidget: 42
  matrixUserVerificationService: 42
  memcached: 42
+  # clamav-distributed
  milter: 42
  minio: 42
  nextcloudApache2: 42
Author	SHA1	Message	Date
Nubus CI Bot	0309ebeb26	feat(nubus): Update chart to version 0.37.0-pre-jtorres-ox-extensions-to-data-loader	2024-08-19 11:24:31 +00:00
Nubus CI Bot	1ed22b3d40	feat(nubus): Update chart to version 0.34.0-pre-jtorres-ox-extensions-to-data-loader	2024-08-14 14:01:23 +00:00